-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
             AUSCERT Security Bulletin ASB-2012.0170
   A number of vulnerabilities have been identified in McAfee Email Gateway
                              4 December 2012
===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           McAfee Email Gateway (MEG) 7.0
                   McAfee Email Gateway (MEG) 7.0.1
                   McAfee Email Gateway (MEG) 7.0.2
Operating System:  Network Appliance
                   VMWare ESX Server
Impact/Access:     Cross-site Scripting -- Remote with User Interaction
                   Denial of Service    -- Existing Account
Resolution:        Patch/Upgrade

Member content until: Thursday, January 3 2013

OVERVIEW

        A number of vulnerabilities have been identified in McAfee Email
        Gateway (MEG) prior to version 7.0.2 Hotfix 116. [1]

IMPACT

        The vendor has provided the following details regarding these
        vulnerabilities:

        "Cross-Site Scripting

        The MEG 7.x Secure Web Delivery Client does not correctly handle
        email attachment names, allowing specifically named files to
        execute as scripts. A successful attack could invoke JavaScript
        when the webmail user subsequently accesses their draft messages.

        A malicious email can be constructed that results in an end-user
        signing into a secure webmail account and running an arbitrary
        JavaScript fragment when interacting with the message attachments.
        The interaction can be as simple as hovering over the attachment.
        Note that the invocation of this attack is limited by the need to
        hijack an active session cookie.

        Denial of Service

        MEG 7.x does not correctly verify administrative settings for
        generating email via the Secure Web Mail Client. This allows a
        user who would normally be unable to compose, forward, or reply to
        messages the ability to generate messages on the Appliance. The
        unauthorized generation of many messages could cause a potential
        Denial of Service (DoS) if the messages consume all available disk
        space. Note that the severity of this attack is limited by the
        need to hijack an active session cookie." [1]

MITIGATION

        The vendor recommends updating to the latest version of McAfee
        Email Gateway (MEG) to correct these issues. [1]

REFERENCES

        [1] McAfee Security Bulletin - MEG 7.0.2 Hotfix resolves multiple
            issues
            https://kc.mcafee.com/corporate/index?page=content&id=SB10037

AusCERT has made every effort to ensure that the information contained in
this document is accurate. However, the decision to use the information
described is the responsibility of each user or organisation. The decision
to follow or act on information or advice contained in this security
bulletin is the responsibility of each user or organisation, and should be
considered in accordance with your organisation's site policies and
procedures. AusCERT takes no responsibility for consequences which may
arise from following or acting on information or advice contained in this
security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
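The cross-site scripting issue above stems from a webmail client rendering attachment names into its page without treating them as untrusted data. The following is an added example, not code from the bulletin, from McAfee or from MEG, showing the unsafe rendering pattern beside the hardened one; the attachment records and the `escapeHtml`, `renderAttachmentUnsafe`, `renderAttachmentSafe` and `containsOnlyExpectedTags` helpers are all hypothetical.

```javascript
// Added example (not vendor code): escaping attachment names before they reach HTML.
// The vulnerable client let a crafted attachment name become markup; the fix is
// to escape every untrusted string for each HTML context it is inserted into.

// Constructed sample attachment records, as a webmail client might receive them.
const ATTACHMENTS = [
  { name: "Q4 report.pdf", size: 18234 },
  { name: "notes <i>draft</i> & more.txt", size: 512 },
  { name: 'quote "final".docx', size: 2048 },
];

// Minimal HTML escaper covering the characters that matter in text nodes
// and in double-quoted attribute values.
function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, (c) => ({
    "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;",
  })[c]);
}

// Unsafe pattern: the raw name is concatenated into markup, so any markup
// or quote characters in the filename become part of the page (the title
// attribute is exactly the kind of thing shown on hover).
function renderAttachmentUnsafe(att) {
  return `<li title="${att.name}">${att.name} (${att.size} bytes)</li>`;
}

// Hardened pattern: the name is escaped before landing in either context,
// and the size is coerced to a number so it cannot carry text at all.
function renderAttachmentSafe(att) {
  const name = escapeHtml(att.name);
  return `<li title="${name}">${name} (${Number(att.size)} bytes)</li>`;
}

// Review/test helper: the rendered markup must contain no tag other than
// the <li> elements the renderer itself emits.
function containsOnlyExpectedTags(html) {
  const tags = html.match(/<\/?[a-zA-Z][^>]*>/g) || [];
  return tags.every((t) => /^<\/?li\b/.test(t));
}

function renderAll(render) {
  return ATTACHMENTS.map(render).join("\n");
}

console.log(renderAll(renderAttachmentSafe));
```

In a real client the same check belongs in a unit test so that a regression back to string concatenation of the raw name fails the build.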